Your information rights

The General Data Protection Regulation (GDPR) provides individuals with a number of other rights aside from the right of access.

Right to be informed

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.

We must provide you with information including: the purposes for processing your personal data, our retention periods for that personal data, and who it will be shared with. This is known as ‘privacy information’ and is set out in our privacy notices.

We must provide privacy information to you at the time we collect your personal data from you. Should we obtain personal data from other sources, we must provide you with privacy information within a reasonable period of obtaining the data and no later than one month.

Should you believe that we have not provided you with sufficient information about how we are going to process your data then you can ask us to show you the ‘privacy information’ or explain the legal basis we have used to process your data.

Right to rectification

The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.

Should you believe that the personal data we are processing about you is inaccurate you can submit a request for rectification.

There are certain circumstances when we can refuse a request for rectification.

Right to erasure

The GDPR introduces the right to erasure.  This is also known as the ‘the right to be forgotten’.

This is not an absolute right and it will only apply in certain circumstances. The Information Commissioner’s Office have further information on the circumstances when data can be requested for erasure and it may be useful to read their guidance on right to erasure before submitting a request.

Right to restrict processing

You will also have a right to request the restriction or suppression of your personal data.  As with the right to be forgotten, this is not an absolute right and will only apply in certain circumstances.  You should refer to the Information Commissioner’s Office guidance on right to restrict processing for further information on this.

Should we restrict processing for an individual the University will be able to store the information but we will not be able to use it.

Right to data portability

The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.

It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.

The right of portability only applies to information an individual has provided to the University.

You can find further information on this right to data portability on the Information Commissioner’s Office website.

Right to object

The GDPR gives you a right to object to the following:

• processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
• direct marketing (including profiling); and
• processing for purposes of scientific/historical research and statistics.

You must provide us with specific reasons in order to exercise this right to object to processing for research purposes.

You can find further information on this right to object on the Information Commissioner’s Office website.

How to submit a request

If you wish to exercise any of the above rights please complete our online form to outline the details of your request.  

• Information rights request form 

You can also contact the Information Governance Office by telephoning 0161 275 7789 or by emailing dataprotection@manchester.ac.uk.